Sensitive Information Exposure in Database Backup Plugin for WordPress
CVE-2024-13911

7.2HIGH

Key Information:

Vendor: WordPress
Status: Database Backup And Check Tables Automated With Scheduler 2024
Vendor: CVE Published:; 1 March 2025

What is CVE-2024-13911?

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is susceptible to sensitive information exposure due to inadequate access controls on the /dashboard/backup.php endpoint. Authenticated users with Administrator-level access can exploit this vulnerability to gain access to private data, including full database credentials, compromising the security of the entire WordPress installation.

Affected Version(s)

Database Backup and check Tables Automated With Scheduler 2024 * <= 2.35

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/database-backu...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2025
Vulnerability Reserved
Feb 25, 2025

Credit

Dzmitry Sviatlichny